A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed via the "Accept-Language" header is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site, e.g. via a specially crafted Flash file.
The vulnerability affects the following versions: * Tomcat 4.0.0 to 4.0.6 * Tomcat 4.1.0 to 4.1.34 * Tomcat 5.0.0 to 5.0.30 * Tomcat 5.5.0 to 5.5.20 * Tomcat 6.0.0 to 6.0.5